Systems, methods, and software can be used to provide authentication for a software service. In some aspects, an identity provider (IDP) receives an identity authentication request from a client device. The IDP transmits an on-premises verification initiation request for a digest authentication to an on-premises directory provider (OPDP). The IDP receives an on-premises verification initiation response. The on-premises verification initiation response includes one or more digest authentication attributes. The IDP transmits the one or more digest authentication attributes. The IDP receives a digest, wherein the digest is calculated based on the one or more digest authentication attributes and one or more identity authentication credentials. The IDP transmits the digest, and receives an on-premises verification response that indicates a result of the digest authentication.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method, comprising: receiving, at an identity provider (IDP) and from a client device, an identity authentication request, wherein the IDP performs identifications for accessing a software service that is provided by a software service provider; transmitting, from the IDP to an on-premises directory provider (OPDP), an on-premises verification initiation request for a digest authentication, wherein the OPDP performs identity authentication for accessing the software service and the OPDP operates inside of an enterprise network, and the IDP operates outside of the enterprise network; receiving, at the IDP and from the OPDP, an on-premises verification initiation response, wherein the on-premises verification initiation response includes one or more digest authentication attributes including a realm attribute; transmitting, from the IDP to the client device, the one or more digest authentication attributes; receiving, at the IDP and from the client device, a digest, wherein the digest is calculated based on the one or more digest authentication attributes and one or more identity authentication credentials; transmitting, from the IDP to the OPDP, the digest; and receiving, at the IDP and from the OPDP, an on-premises verification response that indicates a result of the digest authentication.
2. The method of claim 1, wherein the one or more digest authentication attributes include a nonce attribute.
3. The method of claim 1, wherein the one or more digest authentication attributes are generated by the OPDP.
4. The method of claim 1, wherein the digest is calculated by the client device using a cryptographic hashing algorithm.
5. The method of claim 4, wherein the cryptographic hashing algorithm comprises an MD5 hashing algorithm.
6. The method of claim 1, wherein the digest is calculated by the client device using a script transmitted from the IDP to the client device.
7. The method of claim 1, further comprising: determining that the digest authentication is to be performed based on the identity authentication request; and wherein the on-premises verification initiation request is transmitted in response to determining that the digest authentication is to be performed.
8. An identity provider (IDP), comprising: at least one hardware processor; and a non-transitory computer-readable storage medium coupled to the at least one hardware processor and storing programming instructions for execution by the at least one hardware processor, wherein the programming instructions, when executed, cause the at least one hardware processor to perform operations comprising: receiving, at the IDP and from a client device, an identity authentication request, wherein the IDP performs identifications for accessing a software service that is provided by a software service provider; transmitting, from the IDP to an on-premises directory provider (OPDP), an on-premises verification initiation request for a digest authentication, wherein the OPDP performs identity authentication for accessing the software service and the OPDP operates inside of an enterprise network, and the IDP operates outside of the enterprise network; receiving, at the IDP and from the OPDP, an on-premises verification initiation response, wherein the on-premises verification initiation response includes one or more digest authentication attributes including a realm attribute; transmitting, from the IDP to the client device, the one or more digest authentication attributes; receiving, at the IDP and from the client device, a digest, wherein the digest is calculated based on the one or more digest authentication attributes and one or more identity authentication credentials; transmitting, from the IDP to the OPDP, the digest; and receiving, at the IDP and from the OPDP, an on-premises verification response that indicates a result of the digest authentication.
9. The IDP of claim 8, wherein the one or more digest authentication attributes include a nonce attribute.
10. The IDP of claim 8, wherein the one or more digest authentication attributes are generated by the OPDP.
11. The IDP of claim 8, wherein the digest is calculated by the client device using a cryptographic hashing algorithm.
12. The IDP of claim 11, wherein the cryptographic hashing algorithm comprises an MD5 hashing algorithm.
13. The IDP of claim 8, wherein the digest is calculated by the client device using a script transmitted from the IDP to the client device.
14. The IDP of claim 8, the operations further comprising: determining that the digest authentication is to be performed based on the identity authentication request; and wherein the on-premises verification initiation request is transmitted in response to determining that the digest authentication is to be performed.
15. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising: receiving, at an identity provider (IDP) and from a client device, an identity authentication request, wherein the IDP performs identifications for accessing a software service that is provided by a software service provider; transmitting, from the IDP to an on-premises directory provider (OPDP), an on-premises verification initiation request for a digest authentication, wherein the OPDP performs identity authentication for accessing the software service and the OPDP operates inside of an enterprise network, and the IDP operates outside of the enterprise network; receiving, at the IDP and from the OPDP, an on-premises verification initiation response, wherein the on-premises verification initiation response includes one or more digest authentication attributes including a realm attribute; transmitting, from the IDP to the client device, the one or more digest authentication attributes; receiving, at the IDP and from the client device, a digest, wherein the digest is calculated based on the one or more digest authentication attributes and one or more identity authentication credentials; transmitting, from the IDP to the OPDP, the digest; and receiving, at the IDP and from the OPDP, an on-premises verification response that indicates a result of the digest authentication.
16. The computer-readable medium of claim 15, wherein the one or more digest authentication attributes include a nonce attribute.
17. The computer-readable medium of claim 15, wherein the one or more digest authentication attributes are generated by the OPDP.
18. The computer-readable medium of claim 15, wherein the digest is calculated by the client device using a cryptographic hashing algorithm.
19. The computer-readable medium of claim 18, wherein the cryptographic hashing algorithm comprises an MD5 hashing algorithm.
20. The computer-readable medium of claim 15, wherein the digest is calculated by the client device using a script transmitted from the IDP to the client device.
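The abstract and claims above describe one message flow: the client asks the IDP to authenticate, the IDP asks the OPDP to start a digest authentication, the OPDP answers with a realm and nonce, the IDP relays those to the client, the client hashes its credentials together with them (MD5 in claims 5, 12 and 19), and the IDP relays the resulting digest to the OPDP for verification. The following Python simulation of all three parties is an added example, not code from the patent or from any product implementing it. The class names, the user record, the realm and the RFC 2617-style HA1/HA2 construction of the digest over a method and URI are assumptions made here for illustration; the claims only require that the digest cover the attributes and the credentials. The point it makes visible is that the password never crosses the IDP, which sits outside the enterprise network, and that a nonce the OPDP has already consumed cannot be reused.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Constructed example: no real users, realms or services.


def md5_hex(data: str) -> str:
    # MD5 is the algorithm named in the dependent claims; it is used here to
    # match the page, not as a recommendation for new designs.
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def compute_digest(username: str, password: str, realm: str, nonce: str,
                   method: str, uri: str) -> str:
    """Client-side digest in the RFC 2617 shape (assumed; no qop)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class OnPremDirectoryProvider:
    """OPDP: inside the enterprise network, holds the credentials."""

    def __init__(self, realm: str, users: dict):
        self.realm = realm
        self._users = users          # username -> password (constructed data)
        self._outstanding = {}       # nonce -> username; each nonce is single use

    def initiate(self, username: str) -> dict:
        # Claims 2 and 3: realm and nonce are generated by the OPDP.
        nonce = secrets.token_hex(16)
        self._outstanding[nonce] = username
        return {"realm": self.realm, "nonce": nonce, "method": "AUTH", "uri": "/login"}

    def verify(self, username: str, nonce: str, digest: str) -> bool:
        # Consume the nonce first: a captured digest bound to it cannot be replayed.
        if self._outstanding.pop(nonce, None) != username:
            return False
        password = self._users.get(username)
        if password is None:
            return False
        expected = compute_digest(username, password, self.realm, nonce, "AUTH", "/login")
        return secrets.compare_digest(expected, digest)


class IdentityProvider:
    """IDP: outside the enterprise network; relays attributes and digest only."""

    def __init__(self, opdp: OnPremDirectoryProvider):
        self.opdp = opdp
        self.relayed = []            # everything that passed through the IDP

    def start(self, username: str) -> dict:
        attrs = self.opdp.initiate(username)       # initiation request / response
        self.relayed.append(("attrs", dict(attrs)))
        return attrs                               # forwarded to the client

    def finish(self, username: str, nonce: str, digest: str) -> bool:
        self.relayed.append(("digest", digest))
        return self.opdp.verify(username, nonce, digest)   # verification response


@dataclass
class ClientDevice:
    username: str
    password: str

    def respond(self, attrs: dict) -> str:
        # Done on the device (claim 6 allows a script pushed by the IDP to do it).
        return compute_digest(self.username, self.password, attrs["realm"],
                              attrs["nonce"], attrs["method"], attrs["uri"])


def run_flow(idp: IdentityProvider, client: ClientDevice) -> bool:
    """One complete authentication attempt; returns the OPDP's verdict."""
    attrs = idp.start(client.username)
    digest = client.respond(attrs)
    return idp.finish(client.username, attrs["nonce"], digest)


def replay_is_rejected(idp: IdentityProvider, client: ClientDevice) -> bool:
    """A second submission of an already verified digest must fail."""
    attrs = idp.start(client.username)
    digest = client.respond(attrs)
    first = idp.finish(client.username, attrs["nonce"], digest)
    second = idp.finish(client.username, attrs["nonce"], digest)
    return first and not second


def password_seen_by_idp(idp: IdentityProvider, password: str) -> bool:
    """True if the plaintext password ever appeared in anything the IDP relayed."""
    return any(password in str(payload) for _, payload in idp.relayed)


if __name__ == "__main__":
    opdp = OnPremDirectoryProvider("corp.example", {"alice": "correct horse"})
    idp = IdentityProvider(opdp)
    print("valid login:", run_flow(idp, ClientDevice("alice", "correct horse")))
    print("wrong password:", run_flow(idp, ClientDevice("alice", "battery staple")))
    print("replay rejected:", replay_is_rejected(idp, ClientDevice("alice", "correct horse")))
    print("password crossed IDP:", password_seen_by_idp(idp, "correct horse"))
```

The single-use nonce table in the OPDP is the detail a reviewer of such a design would look for: the claims bind the digest to a nonce the OPDP generated, and that binding only protects against replay if the OPDP refuses to accept the same nonce twice.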
October 2, 2017
November 17, 2020